Saturday December 20th 2014

Posts Tagged ‘input validation’

Use Twitter? Turn off JavaScript… there’s bad XSS issues there being exploited right now

So, I started seeing odd tweets in my timeline. It seems that posting a link like this: http://oh.no/@"onmouseover=";alert('XSS')" fails input validation, resulting in the script being executed when you mouse over the tweet. Note that you can inject pretty much any attribute this way, including style, letting your tweet use fixed [...]